CN107196972A - Authentication method and system, terminal and server - Google Patents
- Publication number: CN107196972A (CN201710591304.3A)
- Authority: CN (China)
- Prior art keywords: terminal, authentication, characteristic information, hash value, server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
This application provides an authentication method and system, a terminal and a server. The authentication method includes: sending to a server an authentication request containing an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server; extracting the characteristic information of the terminal and performing a hash operation on it to obtain the hash value of the characteristic information; performing a salted hash operation on the verification code, using the hash value of the characteristic information as the salt value, to obtain a salted hash value; and sending the salted hash value to the server so that the server authenticates using the salted hash value. The application uses terminal characteristics to authenticate whether the user has the right to use the terminal, so that an abnormal user who does not have the right to use the user's device cannot pass authentication even after intercepting the normal user's SMS message and obtaining the verification code, which ensures that abnormal users cannot pass authentication.
Description
Technical field
The application relates to the field of communication technology, and in particular to an authentication method and system, a terminal and a server.
Background
The rapid development and wide use of mobile communication technology have brought great convenience to people's lives, but have also brought many potential security hazards. For example, user identity must be authenticated in many situations. At present a verification code is usually sent to the user's terminal by SMS, and the verification code is used to authenticate whether the user is a legitimate user.
However, because the wireless channel is open, an abnormal user (attacker) can use suitable receiving equipment to intercept the terminal's SMS messages, use the verification code in them to pass authentication, and then pose as the legitimate user to harm the normal user's interests.
Summary of the invention
In view of this, the application provides an authentication method and system in which the characteristic information of the terminal is used to authenticate whether the current user has the right to use the terminal, so that an abnormal user who does not have the right to use the terminal cannot pass authentication even after intercepting the normal user's SMS message and obtaining the verification code, which ensures that abnormal users cannot pass authentication.
To achieve this, the application provides the following technical features:
An authentication method, including:
sending to a server an authentication request containing an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server;
extracting the characteristic information of the terminal, and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information;
performing a salted hash operation on the verification code, using the hash value of the characteristic information as the salt value, to obtain a salted hash value;
sending the salted hash value to the server, so that the server authenticates using the salted hash value.
Optionally, before sending to the server the authentication request containing the authentication flag indicating a non-first authentication, the method further includes:
determining whether this is the terminal's first authentication;
if it is not the first authentication, generating an authentication request containing the authentication flag indicating a non-first authentication, where the authentication request also includes a user identifier.
Optionally, the method further includes:
if it is the first authentication, generating an authentication request containing an authentication flag indicating a first authentication, where the authentication request also includes a user identifier;
sending the authentication request containing the first-authentication flag to the server, and performing a forced authentication operation with the server;
extracting the characteristic information of the terminal, and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information;
sending the user identifier and the hash value of the characteristic information to the server, so that the server adds the correspondence between the user identifier and the hash value of the characteristic information to the terminal usage-right relation.
Optionally, the method further includes:
receiving and displaying the authentication result sent by the server.
An authentication method, including:
receiving an authentication request sent by a terminal, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time;
when it is determined from the authentication flag that the terminal's request is a non-first authentication request, generating a verification code and sending the verification code to the terminal;
looking up, in the terminal usage-right relation, the hash value of the characteristic information corresponding to the user identifier, where the terminal usage-right relation contains a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use;
using the hash value of the characteristic information as the salt value, performing a salted hash operation on the verification code to obtain a salted hash value;
comparing this salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
Optionally, after receiving the authentication request sent by the terminal, the method further includes:
when it is determined from the authentication flag that the terminal's request is a first authentication request, performing a forced authentication operation with the terminal.
Optionally, after performing the forced authentication operation with the terminal, the method further includes:
receiving the hash value of the characteristic information and the user identifier sent by the terminal;
adding the correspondence between the hash value of the characteristic information and the user identifier to the terminal usage-right relation.
A terminal, including:
a communication module, for sending to a server an authentication request containing an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server; and for sending the salted hash value calculated by the processor to the server, so that the server authenticates using the salted hash value;
a processor, for extracting the characteristic information of the terminal and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information; and for performing a salted hash operation on the verification code, using the hash value of the characteristic information as the salt value, to obtain the salted hash value.
A server, including:
a communication module, for receiving an authentication request sent by a terminal, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time, and for sending an authentication result to the terminal;
a processor, for generating a verification code and sending it to the terminal when it is determined from the authentication flag that the terminal's request is a non-first authentication request; looking up, in the terminal usage-right relation, the hash value of the characteristic information corresponding to the user identifier, where the terminal usage-right relation contains a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use; using the hash value of the characteristic information as the salt value, performing a salted hash operation on the verification code to obtain a salted hash value; and comparing this salted hash value with the salted hash value sent by the terminal to obtain the authentication result.
An authentication system, including:
a terminal, for sending to a server an authentication request containing an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time; extracting the characteristic information of the terminal and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information; performing a salted hash operation on the verification code, using the hash value of the characteristic information as the salt value, to obtain a salted hash value; sending the salted hash value to the server; and receiving the authentication result sent by the server;
a server, for receiving the authentication request sent by the terminal; when it is determined from the authentication flag that the terminal's request is a non-first authentication request, generating a verification code and sending the verification code to the terminal; looking up, in the terminal usage-right relation, the hash value of the characteristic information corresponding to the user identifier, where the terminal usage-right relation contains a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use; using the hash value of the characteristic information as the salt value, performing a salted hash operation on the verification code to obtain a salted hash value; and comparing this salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
The above technical means achieve the following beneficial effects:
The application uses the characteristic information of the terminal to authenticate whether the user has the right to use the terminal, so that an abnormal user who does not have the right to use the user's terminal cannot pass authentication even after intercepting the normal user's SMS message and obtaining the verification code, which ensures that abnormal users cannot pass authentication. In addition, the user still only needs to enter the verification code, so the user experience is not affected.
Brief description of the drawings
To explain the technical solutions of the embodiments of the application or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of an authentication system disclosed in an embodiment of the application;
Fig. 2 is a flow chart of an authentication method disclosed in an embodiment of the application;
Fig. 3 is a flow chart of another authentication method disclosed in an embodiment of the application;
Fig. 4 is a schematic structural diagram of a terminal disclosed in an embodiment of the application;
Fig. 5 is a schematic structural diagram of a server disclosed in an embodiment of the application.
Detailed description of the embodiments
The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the application without creative effort fall within the scope of protection of the application.
To help those skilled in the art understand the application scenario of the application, referring to Fig. 1, the application provides an authentication system including terminal 100 and server 200.
According to one embodiment of the application, an authentication method is provided based on the authentication system shown in Fig. 1. Referring to Fig. 2, it includes the following steps:
Step S201: Terminal 100 determines whether this is a first authentication.
The application is typically applied to the client of an application installed on the terminal. It will be understood that server 200 corresponds to client 100. For example, taking Bank of China as an example, client 100 is the "Bank of China" client and, correspondingly, server 200 is the "Bank of China" server.
When the client on terminal 100 carries out certain operations (for example, sensitive operations such as login, payment or transfer operations), the current user must be authenticated. In this case, the client on terminal 100 determines whether this is a first authentication.
The client on terminal 100 holds an authentication flag, which indicates whether the client has previously authenticated with server 200.
For example, taking the authentication flag to be a flag bit: when the authentication flag is "1", terminal 100 has already authenticated with server 200, and this authentication with server 200 is a non-first authentication. When the authentication flag is "0", terminal 100 has not authenticated with server 200, and this authentication with server 200 is a first authentication.
Terminal 100 can determine whether this is a first authentication from the authentication flag stored in the client.
Step S202: If it is a first authentication, generate an authentication request containing an authentication flag indicating a first authentication, where the authentication request also includes a user identifier.
If the authentication flag indicates that this is the terminal's first authentication, an authentication request containing the authentication flag is generated, and the flag indicates that the terminal is authenticating with the server for the first time. The authentication request also includes the identifier of the user logged in to the client.
Step S203: Terminal 100 sends the authentication request containing the first-authentication flag to server 200.
Step S204: Server 200 receives the authentication request containing the first-authentication flag sent by terminal 100 and, when it determines from the authentication flag that the terminal's request is a first authentication request, performs a forced authentication operation with the terminal.
Server 200 receives the authentication request sent by terminal 100 and learns from the authentication flag in the request that this is the first authentication of terminal 100, which has not previously authenticated with server 200. In this authentication process, server 200 and terminal 100 perform a forced authentication operation.
The forced authentication operation can be any existing authentication operation, for example server 200 sending a verification code to terminal 100 for authentication. This process is mature technology and is not described further here.
Step S205: Terminal 100 extracts the characteristic information of the terminal, performs a hash operation on the characteristic information to obtain the hash value of the characteristic information, and sends the user identifier and the hash value of the characteristic information to server 200.
After terminal 100 and server 200 have performed the forced authentication operation, terminal 100 can extract the characteristic information of the terminal. Characteristic information is information that uniquely represents the terminal, for example the terminal's International Mobile Equipment Identity number or the terminal's frame number.
The purpose of obtaining the terminal's characteristic information in the application is to use the characteristic information and the verification code together as a double verification of whether the current user logged in to the client is a legitimate user. Because the verification code issued by server 200 is easily stolen, the application adds the terminal's characteristic information on top of the verification code.
Under normal circumstances the terminal used by a legitimate user is essentially unchanged, so the terminal's characteristic information can indicate whether the current user logged in to the client has the right to use the terminal.
For example, if the current user logged in to the client normally logs in from the terminal whose characteristic information is A, the current user has the right to use the terminal whose characteristic information is A. If the current user logs in from a terminal whose characteristic information is B, the current user does not have the right to use the terminal whose characteristic information is B.
Terminal 100 could send the terminal's characteristic information directly to server 200 for server 200 to store.
Typically, however, to improve transmission efficiency and to prevent the characteristic information from being stolen, a hash operation is performed on the terminal's characteristic information to obtain the hash value of the characteristic information. The number of bytes in the hash value is smaller than the number of bytes in the characteristic information, which can improve transmission efficiency. In addition, hashing the terminal's characteristic information avoids transmitting it over the network in plaintext, which protects the terminal's characteristic information.
Step S206: Server 200 receives the user identifier and the hash value of the characteristic information, and adds the correspondence between the user identifier and the hash value of the characteristic information to the terminal usage-right relation.
Server 200 holds the terminal usage-right relation, which contains the correspondence between each user identifier and the hash value of its corresponding characteristic information. Taking one correspondence as an example, if user identifier A corresponds to characteristic-information hash value A, then user identifier A has the right to use the terminal corresponding to that characteristic information.
According to another embodiment of the application, a further authentication method is provided based on the authentication system shown in Fig. 1. Referring to Fig. 3, it includes the following steps:
Step S301: Terminal 100 sends to server 200 an authentication request containing an authentication flag indicating a non-first authentication.
If terminal 100 determines that the authentication flag in the client indicates a non-first authentication, it generates an authentication request containing the authentication flag, and the flag indicates that the terminal is not authenticating with the server for the first time. The authentication request also includes the identifier of the user logged in to the client.
Step S302: Server 200 receives the authentication request containing the authentication flag indicating a non-first authentication and, when it determines from the authentication flag that the terminal's request is a non-first authentication request, generates a verification code and sends the verification code to the terminal.
Server 200 receives the authentication request sent by terminal 100 and learns from the authentication flag in the request that this is not the first authentication of terminal 100. A new authentication mode can therefore be used: double verification using the terminal's characteristic information and the verification code.
Server 200 therefore first generates a verification code. There are many ways to generate a verification code and they are mature technology, so they are not described further here.
Step S303: Server 200 looks up, in the terminal usage-right relation, the hash value of the characteristic information corresponding to the user identifier and, using the hash value of the characteristic information as the salt value, performs a salted hash operation on the verification code to obtain a salted hash value.
As can be seen from the embodiment shown in Fig. 2 above, the terminal usage-right relation contains a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use.
Server 200 obtains the user identifier from the authentication request and looks up the hash value of the characteristic information corresponding to that user identifier in the terminal usage-right relation.
The salted hash operation can be: hash operation (verification code + salt value) = hash value. That is, server 200 takes the hash value of the characteristic information as the salt value, combines the salt value with the verification code, and performs a hash operation on the combined data to obtain the salted hash value.
Step S304: Terminal 100 receives the verification code sent by the server, extracts the characteristic information of the terminal, and performs a hash operation on the characteristic information to obtain the hash value of the characteristic information; it performs a salted hash operation on the verification code, using the hash value of the characteristic information as the salt value, to obtain a salted hash value, and sends the salted hash value to server 200.
The process carried out by terminal 100 is similar to that of step S303 and is not described further here.
Step S305: Server 200 compares the salted hash value it calculated with the salted hash value sent by the terminal, and sends an authentication result to the terminal according to the comparison result.
Server 200 calculates a salted hash value from the pre-stored hash value of the characteristic information and the verification code, and uses this salted hash value as the basis for authentication.
Terminal 100 extracts the characteristic information of the terminal and obtains the hash value of the characteristic information, uses the hash value of the characteristic information and the received verification code to obtain a salted hash value, and uses this salted hash value as its authentication credential.
Server 200 compares the two salted hash values. If the two salted hash values are consistent, the user has the right to use the terminal and the verification code was entered correctly; that is, the current user passes authentication and is a legitimate user.
If the two salted hash values are not consistent, either the current user does not have the right to use the terminal or the verification code was entered incorrectly; that is, the current user does not pass authentication and is an illegitimate user.
Server 200 sends the authentication result to terminal 100.
Step S306: Terminal 100 receives and displays the authentication result.
From the two embodiments above it can be seen that the application has the following advantages:
Compared with the prior-art approach of using the verification code directly, when an attacker intercepts the user's SMS message and learns the verification code, the attacking terminal cannot obtain the characteristic information of the normal terminal, so the attacking terminal does not have the right to use the normal device. That is, the attacking terminal cannot supply the salt value needed for the salted hash operation and therefore cannot calculate the correct salted hash value (authentication credential).
This embodiment uses the hash value of the device information as the salt value. Because the hash value cannot be exhaustively enumerated, when an eavesdropper does not have the right to use the corresponding terminal and the characteristic information has not been leaked, the method can effectively prevent an attacker from passing authentication. Moreover, using the hash value of the characteristic information as the salt value is safer than using the characteristic information directly, and prevents leakage of the characteristic information.
In addition, the user still only needs to enter the verification code, so the user experience is not affected.
An application example of the application is described below:
When the client on terminal 100 determines that this is a first authentication, it initiates an authentication request to server 200 and both sides perform the forced authentication operation to establish a safe and reliable channel. On this basis, terminal 100 reads the terminal's IMEI code as the characteristic information, calculates the hash value S of the characteristic information and sends it to server 200. The server stores the user identifier together with the corresponding value S.
Terminal 100 initiates an authentication request to server 200, and server 200 issues a verification code by SMS. Terminal 100 reads the terminal's IMEI code and performs a hash operation to obtain hash value S'; using S' as the salt value, it performs a hash operation again on the received verification code to obtain authentication credential H', and sends authentication credential H' to server 200.
Server 200 looks up the value S corresponding to the user identifier as the salt value, performs a hash operation on the verification code it generated to obtain authentication credential H, and compares whether H and H' are identical. If they are identical, authentication passes; if they differ, authentication fails.
Referring to Fig. 4, the application also provides a terminal, including:
a communication module 101, for sending to a server an authentication request containing an authentication flag indicating a non-first authentication, and obtaining the verification code sent by the server; and for sending the salted hash value calculated by the processor to the server, so that the server authenticates using the salted hash value;
a processor 102, for extracting the characteristic information of the terminal and performing a hash operation on the characteristic information to obtain the hash value of the characteristic information; and for performing a salted hash operation on the verification code, using the hash value of the characteristic information as the salt value, to obtain the salted hash value.
Referring to Fig. 5, the application also provides a server, including:
a communication module 201, for receiving an authentication request sent by a terminal, where the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time, and for sending an authentication result to the terminal;
a processor 202, for generating a verification code and sending it to the terminal when it is determined from the authentication flag that the terminal's request is a non-first authentication request; looking up, in the terminal usage-right relation, the hash value of the characteristic information corresponding to the user identifier, where the terminal usage-right relation contains a one-to-one correspondence between each user identifier and the hash value of each piece of characteristic information, and the hash value of the characteristic information is obtained by performing a first hash operation on the characteristic information of the terminal that the user identifier has the right to use; using the hash value of the characteristic information as the salt value, performing a salted hash operation on the verification code to obtain a salted hash value; and comparing this salted hash value with the salted hash value sent by the terminal to obtain the authentication result.
If the functions described in the method of this embodiment are implemented as software functional units and sold or used as an independent product, they can be stored in a storage medium readable by a computing device. On this understanding, the part of the embodiments of the application that contributes to the prior art, or part of the technical solution, can be embodied in the form of a software product. The software product is stored in a storage medium and includes instructions that cause a computing device (which can be a personal computer, a server, a mobile computing device, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The embodiments in this specification are described progressively. Each embodiment emphasises its differences from the other embodiments, and for the parts that are the same or similar the embodiments can be referred to each other.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the application. The application is therefore not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An authentication method, characterized by comprising:
sending to a server an authentication request that includes an authentication flag indicating non-first authentication, and obtaining a verification code sent by the server;
extracting characteristic information of the terminal, and performing a hashing operation on the characteristic information to obtain a hash value of the characteristic information;
performing a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value;
sending the salted hash value to the server, so that the server performs authentication using the salted hash value.
2. The method of claim 1, characterized in that, before sending to the server the authentication request that includes the authentication flag indicating non-first authentication, the method further comprises:
determining whether the terminal is authenticating for the first time;
if it is not a first authentication, generating an authentication request that includes an authentication flag indicating non-first authentication, wherein the authentication request also includes a user identifier.
3. The method of claim 2, characterized by further comprising:
if it is a first authentication, generating an authentication request that includes an authentication flag indicating first authentication, wherein the authentication request also includes the user identifier;
sending to the server the authentication request that includes the first-authentication flag, and performing a forced authentication operation with the server;
extracting the characteristic information of the terminal, and performing a hashing operation on the characteristic information to obtain the hash value of the characteristic information;
sending the user identifier and the hash value of the characteristic information to the server, so that the server adds the correspondence between the user identifier and the hash value of the characteristic information to the terminal access-right relation.
4. The method of claim 1, characterized by further comprising:
receiving and displaying the authentication result sent by the server.
5. An authentication method, characterized by comprising:
receiving an authentication request sent by a terminal, wherein the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time;
when it is determined from the authentication flag that the terminal's request is not a first authentication request, generating a verification code and sending the verification code to the terminal;
looking up, in a terminal access-right relation, the hash value of the characteristic information corresponding to the user identifier, wherein the terminal access-right relation includes a one-to-one correspondence between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by performing a first hashing operation on the characteristic information of the terminal that holds the access right for the user identifier;
performing a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value;
comparing this salted hash value with the salted hash value sent by the terminal, and sending an authentication result to the terminal according to the comparison result.
6. The method of claim 5, characterized in that, after receiving the authentication request sent by the terminal, the method further comprises:
when it is determined from the authentication flag that the terminal's request is a first authentication request, performing a forced authentication operation with the terminal.
7. The method of claim 6, characterized in that, after performing the forced authentication operation with the terminal, the method further comprises:
receiving the hash value of the characteristic information and the user identifier sent by the terminal;
adding, to the terminal access-right relation, the correspondence between the hash value of the characteristic information and the user identifier.
8. A terminal, characterized by comprising:
a communication module, configured to send to a server an authentication request that includes an authentication flag indicating non-first authentication, and to obtain the verification code sent by the server; and to send the salted hash value calculated by the processor to the server, so that the server performs authentication using the salted hash value;
a processor, configured to extract the characteristic information of the terminal and perform a hashing operation on the characteristic information to obtain the hash value of the characteristic information; and to perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain the salted hash value.
9. A server, characterized by comprising:
a communication module, configured to receive an authentication request sent by a terminal, wherein the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time; and to send an authentication result to the terminal;
a processor, configured to: when it is determined from the authentication flag that the terminal's request is not a first authentication request, generate a verification code and send the verification code to the terminal; look up, in a terminal access-right relation, the hash value of the characteristic information corresponding to the user identifier, wherein the terminal access-right relation includes a one-to-one correspondence between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by performing a first hashing operation on the characteristic information of the terminal that holds the access right for the user identifier; perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value; and compare this salted hash value with the salted hash value sent by the terminal to obtain the authentication result.
10. An authentication system, characterized by comprising:
a terminal, configured to: send to a server an authentication request that includes an authentication flag indicating non-first authentication, and obtain the verification code sent by the server, wherein the authentication request includes a user identifier and an authentication flag indicating whether the terminal is authenticating for the first time; extract the characteristic information of the terminal, and perform a hashing operation on the characteristic information to obtain the hash value of the characteristic information; perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value; send the salted hash value to the server; and receive the authentication result sent by the server;
a server, configured to: receive the authentication request sent by the terminal; when it is determined from the authentication flag that the terminal's request is not a first authentication request, generate a verification code and send the verification code to the terminal; look up, in a terminal access-right relation, the hash value of the characteristic information corresponding to the user identifier, wherein the terminal access-right relation includes a one-to-one correspondence between each user identifier and the hash value of each characteristic information, and the hash value of the characteristic information is obtained by performing a first hashing operation on the characteristic information of the terminal that holds the access right for the user identifier; perform a salted hashing operation, using the hash value of the characteristic information as the salt value in combination with the verification code, to obtain a salted hash value; and compare this salted hash value with the salted hash value sent by the terminal, and send the authentication result to the terminal according to the comparison result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710591304.3A CN107196972B (en) | 2017-07-19 | 2017-07-19 | Authentication method and system, terminal and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710591304.3A CN107196972B (en) | 2017-07-19 | 2017-07-19 | Authentication method and system, terminal and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107196972A (en) | 2017-09-22 |
CN107196972B (en) | 2020-12-22 |
Family
ID=59883298
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710591304.3A Active CN107196972B (en) | 2017-07-19 | 2017-07-19 | Authentication method and system, terminal and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107196972B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101500232A (en) * | 2009-03-13 | 2009-08-05 | 北京华大智宝电子系统有限公司 | Method and system for implementing dynamic identity authentication |
US20140115340A1 (en) * | 2012-10-19 | 2014-04-24 | Samsung Electronics Co., Ltd. | Unique device identifier provision method and apparatus |
CN103841130A (en) * | 2012-11-21 | 2014-06-04 | 深圳市腾讯计算机系统有限公司 | Verification information pushing method and device, and identity authentication method and device |
CN104243155A (en) * | 2013-06-18 | 2014-12-24 | 腾讯科技(深圳)有限公司 | Safety verification method and device |
CN104869570A (en) * | 2015-04-10 | 2015-08-26 | 电子科技大学 | Speaking terminal confirmation method based on language channel |
CN104901925A (en) * | 2014-03-05 | 2015-09-09 | 中国移动通信集团北京有限公司 | End-user identity authentication method, device and system and terminal device |
CN105407074A (en) * | 2014-09-11 | 2016-03-16 | 腾讯科技(深圳)有限公司 | Authentication method, apparatus and system |
CN105591743A (en) * | 2014-10-23 | 2016-05-18 | 腾讯科技(深圳)有限公司 | Method and device for carrying out identity authentication through equipment operation features of user terminal |
CN106790056A (en) * | 2016-12-20 | 2017-05-31 | 中国科学院苏州生物医学工程技术研究所 | Reduce the method and system of the data theft risk of data bank |
CN106878324A (en) * | 2017-03-15 | 2017-06-20 | 中国联合网络通信集团有限公司 | Short message authentication method, short message certification server and terminal |
Non-Patent Citations (1)
Title |
---|
龚俭: "《计算机网络安全导论 第2版》", 30 September 2007 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108134770A (en) * | 2017-10-19 | 2018-06-08 | 黄策 | Verify the application layer theft preventing method of short message |
CN107733656A (en) * | 2017-10-23 | 2018-02-23 | 北京深思数盾科技股份有限公司 | A kind of cipher authentication method and device |
CN108566278A (en) * | 2018-03-21 | 2018-09-21 | 北京金堤科技有限公司 | The method and device of data files |
CN108566278B (en) * | 2018-03-21 | 2020-04-14 | 北京金堤科技有限公司 | Data cooperation method and device |
CN108763303A (en) * | 2018-04-20 | 2018-11-06 | 广东省科技基础条件平台中心 | Platform verification method, device, computer equipment and storage medium |
CN109450917A (en) * | 2018-11-28 | 2019-03-08 | 珠海金山网络游戏科技有限公司 | Account login method, calculates equipment and storage medium at device |
CN109450917B (en) * | 2018-11-28 | 2021-11-26 | 珠海金山网络游戏科技有限公司 | Account login method and device, computing equipment and storage medium |
CN115600177A (en) * | 2022-10-09 | 2023-01-13 | 北京金和网络股份有限公司(Cn) | Identity authentication method and device, storage medium and electronic equipment |
CN115600177B (en) * | 2022-10-09 | 2024-04-16 | 北京金和网络股份有限公司 | Identity authentication method and device, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN107196972B (en) | 2020-12-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||